{
    "document": {
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "nl",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            },
            {
                "category": "description",
                "text": "Juniper heeft meerdere kwetsbaarheden verholpen in Junos OS en Junos OS Evolved, specifiek voor MX Series, PTX Series, QFX Series, EX Series, SRX Series en QFX10000 Series apparaten.",
                "title": "Feiten"
            },
            {
                "category": "description",
                "text": "De kwetsbaarheden betreffen verschillende componenten binnen Junos OS en Junos OS Evolved, waaronder de packet forwarding engine, routing protocol daemon, management daemon, SNMP daemon, http-gatekeeper, TCP proxy plugin, IKE daemon, fileio library, SIP plugin, URL filtering plugin en CLI. Exploitatie kan leiden tot geheugenbeschadiging, crashes van processen zoals mgd, rpd, flow processing daemon, l2ald, en FPC, wat resulteert in Denial-of-Service (DoS) condities. Sommige kwetsbaarheden kunnen door lokale gebruikers met beperkte rechten worden misbruikt om code uit te voeren of processen te laten crashen. Andere kwetsbaarheden kunnen door niet-geauthenticeerde aanvallers via netwerkverkeer worden misbruikt om processen te laten crashen, informatie te lekken, licentie-uitputting te veroorzaken of firewallregels te omzeilen. Specifieke hardwaremodellen en softwareversies zijn getroffen, zoals MX Series met SPC3, SRX Series, EX Series (EX2300, EX4000, EX4100, EX4400), QFX Series, PTX Series en QFX10000 Series. Sommige kwetsbaarheden vereisen handmatige herstart van systemen of processen om normale werking te herstellen. De problemen zijn aanwezig in versies voorafgaand aan de gepubliceerde patches en updates.",
                "title": "Interpretaties"
            },
            {
                "category": "description",
                "text": "Juniper heeft updates uitgebracht om de kwetsbaarheden in Junos OS en Junos OS Evolved te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
                "title": "Oplossingen"
            },
            {
                "category": "general",
                "text": "medium",
                "title": "Kans"
            },
            {
                "category": "general",
                "text": "high",
                "title": "Schade"
            },
            {
                "category": "general",
                "text": "Improper Handling of Undefined Parameters",
                "title": "CWE-236"
            },
            {
                "category": "general",
                "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
                "title": "CWE-362"
            },
            {
                "category": "general",
                "text": "Missing Release of Memory after Effective Lifetime",
                "title": "CWE-401"
            },
            {
                "category": "general",
                "text": "Return of Pointer Value Outside of Expected Range",
                "title": "CWE-466"
            },
            {
                "category": "general",
                "text": "NULL Pointer Dereference",
                "title": "CWE-476"
            },
            {
                "category": "general",
                "text": "Unchecked Input for Loop Condition",
                "title": "CWE-606"
            },
            {
                "category": "general",
                "text": "Use of Multiple Resources with Duplicate Identifier",
                "title": "CWE-694"
            },
            {
                "category": "general",
                "text": "Use of Incorrectly-Resolved Name or Reference",
                "title": "CWE-706"
            },
            {
                "category": "general",
                "text": "Improper Check for Unusual or Exceptional Conditions",
                "title": "CWE-754"
            },
            {
                "category": "general",
                "text": "Out-of-bounds Write",
                "title": "CWE-787"
            },
            {
                "category": "general",
                "text": "Missing Synchronization",
                "title": "CWE-820"
            },
            {
                "category": "general",
                "text": "Missing Authorization",
                "title": "CWE-862"
            },
            {
                "category": "general",
                "text": "Improper Restriction of Communication Channel to Intended Endpoints",
                "title": "CWE-923"
            },
            {
                "category": "general",
                "text": "Improper Validation of Specified Quantity in Input",
                "title": "CWE-1284"
            },
            {
                "category": "general",
                "text": "Improper Validation of Syntactic Correctness of Input",
                "title": "CWE-1286"
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "Nationaal Cyber Security Centrum",
            "namespace": "https://www.ncsc.nl/"
        },
        "references": [
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110072"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110073"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110074"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110075"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110076"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110077"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110078"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110079"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110080"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110081"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110082"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110083"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110084"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110085"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110086"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110087"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110088"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110089"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110090"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110091"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110092"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://supportportal.juniper.net/JSA110093"
            }
        ],
        "title": "Kwetsbaarheden verholpen in Juniper Networks Junos OS en Junos OS Evolved",
        "tracking": {
            "current_release_date": "2026-07-13T05:24:43.174567Z",
            "generator": {
                "date": "2025-08-04T16:30:00Z",
                "engine": {
                    "name": "V.A.",
                    "version": "1.3"
                }
            },
            "id": "NCSC-2026-0224",
            "initial_release_date": "2026-07-13T05:24:43.174567Z",
            "revision_history": [
                {
                    "date": "2026-07-13T05:24:43.174567Z",
                    "number": "1.0.0",
                    "summary": "Initiele versie"
                }
            ],
            "status": "final",
            "version": "1.0.0"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-1"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Junos OS"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-2"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Junos OS Evolved"
                    }
                ],
                "category": "vendor",
                "name": "Juniper Networks"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2020-7450",
            "notes": [
                {
                    "category": "description",
                    "text": "Heap buffer overflow vulnerabilities in libfetch affecting FreeBSD versions prior to patches in 12.1, 12.0, and 11.3, as well as Juniper Networks Junos OS Evolved, arise from improper URL handling with username and/or password components, enabling potential code execution.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2020-7450 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-7450.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 7.8,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2020-7450"
        },
        {
            "cve": "CVE-2026-21901",
            "cwe": {
                "id": "CWE-476",
                "name": "NULL Pointer Dereference"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "NULL Pointer Dereference",
                    "title": "CWE-476"
                },
                {
                    "category": "description",
                    "text": "A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS and Junos OS Evolved management daemon allows a local high-privileged attacker to cause a Denial of Service by manipulating a specific SSH configuration parameter, leading to mgd process crashes and restarts.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:D/RE:M/U:Green",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-21901 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21901.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 4.4,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-21901"
        },
        {
            "cve": "CVE-2026-33794",
            "cwe": {
                "id": "CWE-754",
                "name": "Improper Check for Unusual or Exceptional Conditions"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Check for Unusual or Exceptional Conditions",
                    "title": "CWE-754"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in Juniper Networks Junos OS Evolved on PTX Series allows unauthenticated attackers to cause a Denial-of-Service by crashing the evo-aftmand process through malformed unilist ECMP routing updates, requiring manual system recovery.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Green",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-33794 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33794.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 5.9,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-33794"
        },
        {
            "cve": "CVE-2026-33799",
            "cwe": {
                "id": "CWE-787",
                "name": "Out-of-bounds Write"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Out-of-bounds Write",
                    "title": "CWE-787"
                },
                {
                    "category": "description",
                    "text": "An Out-of-bounds Write vulnerability in the SNMP daemon of Juniper Networks Junos OS and Junos OS Evolved causes memory leaks and process crashes triggered by authenticated SNMPv3 queries.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-33799 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33799.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-33799"
        },
        {
            "cve": "CVE-2026-33800",
            "cwe": {
                "id": "CWE-606",
                "name": "Unchecked Input for Loop Condition"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Unchecked Input for Loop Condition",
                    "title": "CWE-606"
                },
                {
                    "category": "description",
                    "text": "An unchecked input vulnerability in Juniper Networks Junos OS on MX Series allows unauthenticated adjacent attackers to cause Denial-of-Service by triggering Micro-BFD session flaps that overload event processing, leading to FPC crashes and service outages.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-33800 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33800.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 6.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-33800"
        },
        {
            "cve": "CVE-2026-33801",
            "cwe": {
                "id": "CWE-754",
                "name": "Improper Check for Unusual or Exceptional Conditions"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Check for Unusual or Exceptional Conditions",
                    "title": "CWE-754"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in Juniper Networks Junos OS and Junos OS Evolved routing protocol daemon allows unauthenticated attackers to cause a Denial-of-Service by sending malformed BGP updates, triggering RPD crashes and service outages in versions 25.2 before 25.2R2.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-33801 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33801.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 6.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-33801"
        },
        {
            "cve": "CVE-2026-33802",
            "cwe": {
                "id": "CWE-862",
                "name": "Missing Authorization"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Missing Authorization",
                    "title": "CWE-862"
                },
                {
                    "category": "description",
                    "text": "A Missing Authorization vulnerability in Juniper Networks Junos OS on EX Series switches allows a local, authenticated attacker without special permissions to execute privileged CLI commands causing Denial-of-Service (DoS).",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-33802 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33802.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 5.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-33802"
        },
        {
            "cve": "CVE-2026-33803",
            "cwe": {
                "id": "CWE-923",
                "name": "Improper Restriction of Communication Channel to Intended Endpoints"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Restriction of Communication Channel to Intended Endpoints",
                    "title": "CWE-923"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in Juniper Networks Junos OS Evolved allows unauthenticated network attackers to access an internal process via an open port, resulting in limited information disclosure and increased CPU usage.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-33803 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33803.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                        "baseScore": 6.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-33803"
        },
        {
            "cve": "CVE-2026-57019",
            "cwe": {
                "id": "CWE-1284",
                "name": "Improper Validation of Specified Quantity in Input"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Validation of Specified Quantity in Input",
                    "title": "CWE-1284"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service by triggering incorrect packet size calculation and FPC reset, affecting MAP-T and non-IP encapsulated traffic.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57019 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57019.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 6.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57019"
        },
        {
            "cve": "CVE-2026-57020",
            "cwe": {
                "id": "CWE-754",
                "name": "Improper Check for Unusual or Exceptional Conditions"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Check for Unusual or Exceptional Conditions",
                    "title": "CWE-754"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in Juniper Networks Junos OS on QFX10000 Series allows unauthenticated adjacent attackers to cause Denial-of-Service by flooding IPv6 multicast traffic in EVPN-VxLAN environments, affecting versions prior to specific 23.x and 24.x patches.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57020 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57020.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 6.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57020"
        },
        {
            "cve": "CVE-2026-57021",
            "cwe": {
                "id": "CWE-787",
                "name": "Out-of-bounds Write"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Out-of-bounds Write",
                    "title": "CWE-787"
                },
                {
                    "category": "description",
                    "text": "An Out-of-bounds Write vulnerability in the http-gatekeeper of Juniper SRX Series devices with remote-access VPN pre-logon compliance check allows unauthenticated attackers to cause Denial-of-Service by crashing the http-gk process, disrupting web-management and firewall authentication services.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57021 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57021.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                        "baseScore": 5.3,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57021"
        },
        {
            "cve": "CVE-2026-57022",
            "cwe": {
                "id": "CWE-754",
                "name": "Improper Check for Unusual or Exceptional Conditions"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Check for Unusual or Exceptional Conditions",
                    "title": "CWE-754"
                },
                {
                    "category": "description",
                    "text": "A Denial-of-Service vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated attacker to cause a crash and restart via a crafted TCP packet, impacting multiple services.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57022 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57022.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 5.9,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57022"
        },
        {
            "cve": "CVE-2026-57023",
            "cwe": {
                "id": "CWE-1284",
                "name": "Improper Validation of Specified Quantity in Input"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Validation of Specified Quantity in Input",
                    "title": "CWE-1284"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated attacker to cause a Denial of Service by sending malformed TCP packets that crash and restart the flow processing daemon.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57023 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57023.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57023"
        },
        {
            "cve": "CVE-2026-57024",
            "cwe": {
                "id": "CWE-694",
                "name": "Use of Multiple Resources with Duplicate Identifier"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Use of Multiple Resources with Duplicate Identifier",
                    "title": "CWE-694"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series causes a Denial-of-Service by crashing the iked process during numerous failed VPN negotiations, requiring a system reboot to restore service.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57024 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57024.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                        "baseScore": 5.3,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57024"
        },
        {
            "cve": "CVE-2026-57025",
            "cwe": {
                "id": "CWE-466",
                "name": "Return of Pointer Value Outside of Expected Range"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Return of Pointer Value Outside of Expected Range",
                    "title": "CWE-466"
                },
                {
                    "category": "description",
                    "text": "A local low-privileged attacker can cause a Denial-of-Service by crashing the l2ald process on Juniper Networks Junos OS and Junos OS Evolved EX, QFX, and MX Series devices using a crafted 'show l2-learning' command, disrupting layer 2 services until restart.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57025 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57025.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 5.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57025"
        },
        {
            "cve": "CVE-2026-57026",
            "cwe": {
                "id": "CWE-1286",
                "name": "Improper Validation of Syntactic Correctness of Input"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Validation of Syntactic Correctness of Input",
                    "title": "CWE-1286"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated attacker to cause a Denial-of-Service by crashing the flow processing daemon when SIP ALG processes a malformed SIP invite packet.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57026 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57026.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57026"
        },
        {
            "cve": "CVE-2026-57027",
            "cwe": {
                "id": "CWE-401",
                "name": "Missing Release of Memory after Effective Lifetime"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Missing Release of Memory after Effective Lifetime",
                    "title": "CWE-401"
                },
                {
                    "category": "description",
                    "text": "A memory leak vulnerability in Juniper Junos OS on EX4100 and EX4400 Series devices, triggered by sFlow multicast configuration in a Virtual Chassis setup, can cause FPC crashes and Denial-of-Service by an unauthenticated adjacent attacker.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57027 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57027.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 6.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57027"
        },
        {
            "cve": "CVE-2026-57028",
            "cwe": {
                "id": "CWE-923",
                "name": "Improper Restriction of Communication Channel to Intended Endpoints"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Restriction of Communication Channel to Intended Endpoints",
                    "title": "CWE-923"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in Juniper Networks Junos OS Evolved before version 23.2R2-EVO allows unauthenticated attackers to cause license exhaustion by exploiting an improperly initialized process accessible via an open network port.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57028 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57028.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                        "baseScore": 7.3,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57028"
        },
        {
            "cve": "CVE-2026-57029",
            "cwe": {
                "id": "CWE-820",
                "name": "Missing Synchronization"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Missing Synchronization",
                    "title": "CWE-820"
                },
                {
                    "category": "description",
                    "text": "A Missing Synchronization vulnerability in Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service by crashing the evo-pfemand process during simultaneous sFlow collector reachability changes and next-hop data access.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57029 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57029.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 5.3,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57029"
        },
        {
            "cve": "CVE-2026-57030",
            "cwe": {
                "id": "CWE-362",
                "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
                    "title": "CWE-362"
                },
                {
                    "category": "description",
                    "text": "A race condition vulnerability in Juniper Junos OS on SRX Series causes excessive flow timeouts, leading to an accumulation of invalidated sessions that can result in denial-of-service or system reboot.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57030 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57030.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 5.9,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57030"
        },
        {
            "cve": "CVE-2026-57031",
            "cwe": {
                "id": "CWE-754",
                "name": "Improper Check for Unusual or Exceptional Conditions"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Check for Unusual or Exceptional Conditions",
                    "title": "CWE-754"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in Juniper Networks Junos OS on MX Series hardware allows adjacent subscribers on static interfaces to bypass ingress firewall filters, disabling protocol and bandwidth enforcement across multiple Junos OS versions from 23.2 to 25.2.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57031 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57031.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                        "baseScore": 4.7,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57031"
        },
        {
            "cve": "CVE-2026-57032",
            "cwe": {
                "id": "CWE-236",
                "name": "Improper Handling of Undefined Parameters"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Handling of Undefined Parameters",
                    "title": "CWE-236"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in Juniper Networks Junos OS on EX Series devices allows authenticated low-privilege attackers to cause Denial-of-Service by subscribing to unsupported telemetry sensor paths via gRPC, leading to FPC crashes and service outages.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57032 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57032.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 6.5,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57032"
        },
        {
            "cve": "CVE-2026-57054",
            "cwe": {
                "id": "CWE-706",
                "name": "Use of Incorrectly-Resolved Name or Reference"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Use of Incorrectly-Resolved Name or Reference",
                    "title": "CWE-706"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows unauthenticated attackers to bypass web filtering and access restricted downstream resources via specially crafted URL requests.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/R:A/RE:M",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-57054 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-57054.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                        "baseScore": 5.8,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2"
                    ]
                }
            ],
            "title": "CVE-2026-57054"
        }
    ]
}